package com.ggkt.common.utils;

import java.util.regex.Pattern;

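/**
 * Keyword / comment-token blocklist used to reject request parameters that
 * look like SQL fragments.
 *
 * <p><b>Security note:</b> a blocklist like this is a best-effort,
 * defense-in-depth heuristic only. It can be bypassed (e.g. by keywords not
 * on the list, alternate comment syntax such as {@code #}, or obfuscation),
 * and it also rejects perfectly legitimate text that happens to contain
 * words such as "and", "or" or "count". It is NOT a substitute for
 * {@code PreparedStatement} with bound {@code ?} parameters; every query
 * that incorporates user input must still be parameterized.
 *
 * <p>Fix relative to the earlier version: the keyword list spelled
 * {@code truncate} as {@code trancate}, so a real {@code TRUNCATE} statement
 * passed straight through; the duplicate {@code into} entry is also dropped.
 */
public class FilterSQL {

    /**
     * Matches, case-insensitively:
     * <ul>
     *   <li>a {@code --} line-comment marker,</li>
     *   <li>a {@code /* ... *}{@code /} block comment (across line breaks,
     *       non-greedy so the shortest comment wins),</li>
     *   <li>any listed keyword as a whole word ({@code \b} on both sides,
     *       so "Android" or "selection" do not trigger).</li>
     * </ul>
     * Kept package-visible and non-final in name only for compatibility;
     * the reference is now {@code final}.
     */
    static final String reg = "(?:--)|(/\\*[\\s\\S]*?\\*/)|"
            + "(\\b(select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b)";

    /** Compiled once; {@link Pattern} is immutable and safe to share across threads. */
    static final Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);

    /**
     * Screens a single parameter value against the blocklist.
     *
     * @param parmSql the raw parameter value; may be {@code null}
     * @return {@code ""} when {@code parmSql} is {@code null} or empty;
     *         the sentinel {@code "-1"} when any blocklisted token is found
     *         anywhere in the value; otherwise {@code parmSql} unchanged.
     *         Note the sentinel is an in-band value — a caller that passes
     *         the result on as data must check for {@code "-1"} explicitly.
     */
    public static String filterSQL(String parmSql) {
        if (parmSql == null || parmSql.isEmpty()) {
            return "";
        }
        // find() rather than matches(): a token anywhere in the value is enough to reject it.
        return sqlPattern.matcher(parmSql).find() ? "-1" : parmSql;
    }


    /** Small manual demo: the sample contains "update", so the sentinel is printed. */
    public static void main(String[] args) {
        String str = "update update; from 1;1,2,3";
        System.out.println("|" + FilterSQL.filterSQL(str) + "|");
    }

}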
